Infrastructure of Interest: Medium Confidence Detection
These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.
AI Analysis
Technical Summary
The provided information describes a medium confidence detection of malicious infrastructure identified by LevelBlue Labs through advanced threat hunting techniques. These techniques include AI-driven heuristics, behavioral analysis of malicious activity, and correlation of endpoint telemetry with external intelligence sources. The detection is categorized as a campaign, indicating a coordinated set of malicious activities or infrastructure used by threat actors. However, the report lacks specific technical details such as affected software versions, adversary attribution, indicators of compromise (IOCs), or exploit mechanisms. No known exploits are reported in the wild, and no CVSS score is assigned. The detection primarily serves as intelligence to enhance detection rules, block malicious infrastructure, or support incident investigations. The medium severity rating suggests a moderate level of risk, likely due to the presence of suspicious infrastructure that could be leveraged for attacks but without confirmed active exploitation or widespread impact at this time.
Potential Impact
For European organizations, the impact of this threat is currently moderate but warrants attention. The detection of malicious infrastructure implies potential risks such as command and control servers, phishing domains, or malware distribution points that could be used against enterprises. If leveraged, these could lead to data breaches, disruption of services, or unauthorized access. The lack of specific IOCs or exploit details limits immediate actionable response but suggests that organizations should remain vigilant. European entities with extensive endpoint telemetry and threat intelligence capabilities can benefit from integrating this detection to improve their security posture. The medium confidence level indicates that while the threat is credible, it may not yet have caused significant harm, but could evolve or be part of a larger campaign targeting critical sectors such as finance, government, or critical infrastructure within Europe.
Mitigation Recommendations
Given the absence of concrete IOCs or exploit details, European organizations should focus on proactive threat hunting and infrastructure monitoring. Specific recommendations include:
1) Integrate threat intelligence feeds from LevelBlue Labs and AlienVault OTX into security information and event management (SIEM) systems to detect and block communications with suspicious infrastructure.
2) Enhance endpoint detection and response (EDR) capabilities to identify anomalous behaviors that may correlate with the detected infrastructure.
3) Conduct regular threat hunting exercises focusing on network traffic anomalies and unusual domain or IP activity.
4) Implement strict network segmentation and egress filtering to limit potential communication with malicious infrastructure.
5) Maintain up-to-date patching and vulnerability management to reduce attack surface, even though no specific vulnerabilities are identified here.
6) Collaborate with national cybersecurity centers and information sharing organizations to receive timely updates on emerging threats related to this campaign.
These measures go beyond generic advice by emphasizing intelligence integration, behavioral analysis, and network controls tailored to the nature of infrastructure-based threats.
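Recommendations 1 and 3 above amount to matching resolver or proxy logs against the domain list published with this pulse. The following is an added example, not code from LevelBlue Labs, AlienVault or this page: it parses the pulse's "- domain: ..." list format into a set, then scans DNS query log lines for exact or subdomain matches while refusing longer lookalikes (so a query for notalbgby.org does not match albgby.org). The log lines are constructed for the example and use a simplified BIND-style query log layout (an assumption); only a handful of the listed domains are embedded here.

```python
import re
from collections import Counter

# A few entries copied from the IoC list on this page, in the page's own
# "- domain: <name>" format. In practice you would paste the whole list.
PULSE_IOC_TEXT = """\
- domain: medienparadies.com
- domain: albgby.org
- domain: akunlnw.biz
- domain: dk3pyn1clhkbiyauyjjcbdrwziklx.ru
- domain: omar-thing.site
- domain: zjjur.org
"""

# Constructed sample resolver log lines (simplified BIND-style query log,
# assumed format; these are not real logs from any environment).
SAMPLE_LOG = """\
08-Aug-2025 11:17:47.001 client 10.0.0.15#51234: query: www.example.org IN A + (10.0.0.1)
08-Aug-2025 11:17:48.120 client 10.0.0.15#51235: query: albgby.org IN A + (10.0.0.1)
08-Aug-2025 11:17:49.532 client 10.0.0.27#41002: query: cdn.medienparadies.com IN A + (10.0.0.1)
08-Aug-2025 11:17:50.004 client 10.0.0.27#41003: query: notalbgby.org IN A + (10.0.0.1)
08-Aug-2025 11:17:51.777 client 10.0.0.42#33001: query: mail.internal.example.org IN AAAA + (10.0.0.1)
08-Aug-2025 11:17:52.900 client 10.0.0.42#33002: query: OMAR-THING.SITE. IN A + (10.0.0.1)
"""

IOC_LINE_RE = re.compile(r"^-\s*domain:\s*(\S+)\s*$", re.MULTILINE)
QUERY_RE = re.compile(
    r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(qname):
    """Lower-case and strip the trailing dot so comparisons are canonical."""
    return qname.rstrip(".").lower()


def parse_ioc_list(text):
    """Build the IoC domain set from the page's '- domain: x' list format."""
    return {normalize(d) for d in IOC_LINE_RE.findall(text)}


def matched_ioc(qname, iocs):
    """Return the IoC domain that the query name hits, or None.

    Walks the label suffixes of the query name, so both the listed apex and
    any subdomain of it match, while a longer lookalike such as
    notalbgby.org is not treated as a hit on albgby.org.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_log(text, iocs):
    """Scan query log lines and return one hit record per matching query."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; ignore
        ioc = matched_ioc(m.group("qname"), iocs)
        if ioc:
            hits.append({
                "src": m.group("src"),
                "qname": normalize(m.group("qname")),
                "qtype": m.group("qtype"),
                "ioc": ioc,
            })
    return hits


def hosts_by_hit_count(hits):
    """Count hits per source address, the first pivot for triage."""
    return Counter(h["src"] for h in hits)


if __name__ == "__main__":
    iocs = parse_ioc_list(PULSE_IOC_TEXT)
    found = scan_log(SAMPLE_LOG, iocs)
    for h in found:
        print(f"{h['src']} queried {h['qname']} ({h['qtype']}); matches IoC {h['ioc']}")
    print("hosts by hit count:", dict(hosts_by_hit_count(found)))
```

The suffix walk is the part worth keeping when porting this to a SIEM rule: a plain substring match on the domain list produces false positives on lookalikes and misses hosts that resolve a subdomain of a listed apex, whereas matching on label boundaries does neither. Medium-confidence indicators like these are better routed to an alert-and-review queue than to an automatic block list, which is also what the pulse's own description suggests.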
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: medienparadies.com
- domain: albgby.org
- domain: akunlnw.biz
- domain: atnxh.ws
- domain: aufihj.com
- domain: bacjhelorboy.com
- domain: bbkmztnyn.biz
- domain: bbldtsbds.biz
- domain: beagebrgbb.org
- domain: beityncv.biz
- domain: atdgkd.cc
- domain: bmhziflm.org
- domain: btusj.org
- domain: caoowuxz.org
- domain: cblwnwb.biz
- domain: brxcroc.com
- domain: crilc.cc
- domain: cqlvq.com
- domain: ctfxpzlwgz.biz
- domain: cuzjjrzyphb.info
- domain: cvpjijr.cc
- domain: dk3pyn1clhkbiyauyjjcbdrwziklx.ru
- domain: dmxxgcra.ws
- domain: crpmod.ws
- domain: dponrajgnu.biz
- domain: dxazfbuh.cn
- domain: eatih.cc
- domain: ebuhutymp.cc
- domain: edjqmwtpqp.biz
- domain: elvjaktl.cc
- domain: etvkvevfsi.ws
- domain: euouwrvok.net
- domain: evonsfknvf.ws
- domain: ewrcb.ws
- domain: eyrftkznags.biz
- domain: fbtbyuv.ws
- domain: fgecup.biz
- domain: ffzgfz.net
- domain: fpavejw.cc
- domain: fpooqope.ws
- domain: fuxaizqdj.ws
- domain: fvidclzeq.cn
- domain: fvotpjy.biz
- domain: ftspuvwfma.ws
- domain: giczoirlv.com
- domain: giiksqycnxb.info
- domain: gnavgo.org
- domain: gjektfdmvxh.biz
- domain: fzbfy.cc
- domain: gynhejwd.ws
- domain: gtwlwd.biz
- domain: gxmel.cc
- domain: hkbquadkb.cn
- domain: hrbujfxe.cn
- domain: hsidwviyylp.biz
- domain: hvdmoctybr.biz
- domain: hwcjtdzsj.ws
- domain: hxlcpraqjqf.biz
- domain: hzjsdlscmv.info
- domain: ifhdsmijx.ws
- domain: ijcfojfs.ws
- domain: ilaralcgdh.cc
- domain: icubx.net
- domain: inipyiyl.cn
- domain: iqfak.net
- domain: isykwdlcwqo.biz
- domain: irxqarml.net
- domain: joaygrdc.biz
- domain: jpweglp.com
- domain: jybthiyfabk.ws
- domain: jyhvvyq.org
- domain: kblqsvjd.cn
- domain: jwobvs.ws
- domain: kearl.cc
- domain: jxsseqs.com
- domain: khbhztgn.biz
- domain: kkggj.cc
- domain: kmwalddu.org
- domain: kpcdi.ws
- domain: krvlxe.ws
- domain: kqxlzkmm.net
- domain: kzbkw.ws
- domain: lb7ca0d13ztlxleqz7kcy43eb40vv.lv
- domain: kstwdhor.biz
- domain: ldyqj.ws
- domain: leoxufaj.ws
- domain: ldhwbhr.net
- domain: leuizyzuz.com
- domain: lsesxfpcu1mkim6wtmxeqosz1eewh.pm
- domain: lqmuoydfw.ws
- domain: ltqvifkn.biz
- domain: lvwbwzgj.info
- domain: mbuceial.biz
- domain: meydgv.ws
- domain: mqjxba.cn
- domain: nguca.cn
- domain: nilrth8hxw73okegfzghr5kupnajl.sk
- domain: njessqhv.ws
- domain: nkbqbsrdl.biz
- domain: nkkmsgv.org
- domain: nmrximih.org
- domain: nntepzaolo.biz
- domain: npaohiqd.ws
- domain: nraxpoib.cn
- domain: ojenfzta.cc
- domain: omar-thing.site
- domain: nzctlpuy.net
- domain: opxgs.net
- domain: oxcrsndufl.ws
- domain: oscevaaxric.ws
- domain: ozqquhhl.cn
- domain: pfdj9sdbx4utjk2kedgvlc3whdhyt.mr
- domain: pfnpemv.org
- domain: pgiubbqt.cc
- domain: pkqthiih.biz
- domain: poahiy9nb100maqah3jghik2mlxwc.mr
- domain: puuqknouz.ws
- domain: qeb11ofhi3wekyples6p13y7bpgak.lt
- domain: qhmmwmwf.cn
- domain: qvdfllfxuy.net
- domain: qzohj.com
- domain: rcmwfy.ws
- domain: renfkepba.ws
- domain: rpjnfzfh.biz
- domain: rvvdomdgn.cc
- domain: rsrjinvvx.biz
- domain: rxeucggswz.ws
- domain: saitxozd.cn
- domain: scrsbk.com
- domain: sczblyglmv.info
- domain: sdwqniay.org
- domain: shmmgzdm.ws
- domain: sldgds.biz
- domain: smihdxzdloq.ws
- domain: spuqvgnc.net
- domain: rhxtwfrwr.biz
- domain: stxbanc.org
- domain: tfzrwcnv.ws
- domain: tmffokwoeh.ws
- domain: tmsnc.net
- domain: tscgl.ws
- domain: tthujtcs.net
- domain: tnrsofbrw.net
- domain: tzfxcmvburd.ws
- domain: tvzzyfec.ws
- domain: szysblxrt.biz
- domain: untjqtdn.biz
- domain: upnra.net
- domain: upiiykcaq.cn
- domain: uzuzu.cc
- domain: vddwtghvy.ws
- domain: vewdps.cc
- domain: uueoq.ws
- domain: vicpcqhm.com
- domain: vhijq.ws
- domain: vinfd.org
- domain: viztwqnq.com
- domain: vpcnugej.cc
- domain: vrhezazs.net
- domain: vwadkicj.cc
- domain: wcflsmom.net
- domain: wikfupwap.cc
- domain: wigilpj.cn
- domain: wilbat.cn
- domain: wscjvf.com
- domain: vyfvwswovz.ws
- domain: wwmryc.com
- domain: xnfdu.org
- domain: xsmceyvvl.ws
- domain: xsxestx.net
- domain: xwquen.net
- domain: xnuigkpsz.ws
- domain: ynnwvyz.cn
- domain: yjklml.biz
- domain: ydxlqmstu.biz
- domain: yocjrql.cn
- domain: ypzikpxrtf.biz
- domain: yqksknmj.ws
- domain: yqxdl.net
- domain: ysxfibw.cc
- domain: zcrwpvwjaqb.info
- domain: zguwbn.cn
- domain: zipctiqnhx.biz
- domain: zt8vhukkphg8ximjgfreyfkfpjusi.do
- domain: zraofvlf.biz
- domain: zcyaxo.org
- domain: zjjur.org
Technical Details
- Author: AlienVault
- TLP: white
- References: []
- Adversary: null
- Pulse Id: 6894583edc4b67d5c7c5cb34
- Threat Score: null
Threat ID: 6895dcdbad5a09ad0002c7f1
Added to database: 8/8/2025, 11:17:47 AM
Last enriched: 8/8/2025, 11:33:00 AM
Last updated: 8/29/2025, 9:32:49 AM
Views: 33